The ICO has fined Royal & Sun Alliance Insurance PLC (RSA) £150,000 following the loss of the personal information of nearly 60,000 customers. An ICO investigation looked at the theft of a hard drive device containing 59,592 customers’ names, addresses and bank account details including account numbers and sort codes.
Mark James, IT Security Specialist at ESET:
“Fines by the ICO for security breaches have been a matter for discussion for some time. For most, they seem fairly small, and if we think about the actual monetary value they are, the fine itself may seem fairly insignificant, but that of course is not the whole story. The PR exposure, your customer hearing about your failings and of course the damage done through the act in the first place all have a cost.
The topic of security these days is on everyone’s lips and something that every company needs to take seriously. It’s not possible to protect against every possible attack vector, but you should be able to take reasonable precautions to ensure you have done all you can to protect the data of your users. Encryption is not new; it has a relatively low cost and can be rolled out and maintained with ease. It would not have stopped the theft of the hard drive in this case, but it would have stopped the data being accessible. Fines need to be in place, but more importantly there needs to be follow-up: if you are holding other people’s data, you need to do all you can to keep it safe.”